dialogue-audio
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs users to run `curl -fsSL https://cli.inference.sh | sh`. This executes a remote shell script from the internet with the user's current permissions without prior validation, representing a critical security risk.
- [COMMAND_EXECUTION]: The skill requires the `Bash(infsh *)` tool permission, which enables the agent to execute any subcommand of the `infsh` CLI tool.
- [EXTERNAL_DOWNLOADS]: The skill downloads binary files from `dist.inference.sh` during the installation process and pulls additional external dependencies via `npx skills add inference-sh/skills@...`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates untrusted user text into the `prompt` field of the `infsh app run` command.
  1. Ingestion points: The skill accepts user-provided text in the `prompt` parameter of `dia-tts`.
  2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the command template.
  3. Capability inventory: The skill can execute subprocesses via the `infsh` CLI.
  4. Sanitization: No evidence of sanitization or input validation for the text prompt is present.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata